commit d2afd717e62d76bb41ab5f3ab4ce6f885c8edc98
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Mar 2 21:31:47 2021 +1100

    update depend

commit f0c4eddf7cf224ebcac1f07ac8afdb30c6e9fe0a
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Mar 2 21:30:14 2021 +1100

    update relnotes URL

commit 67a8bb7fe62a381634db4c261720092e7d514a3d
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Mar 2 21:29:54 2021 +1100

    update RPM spec version numbers

commit 0a4b23b11b9a4e6eec332dd5c6ab2ac6f62aa164
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Mar 2 01:48:18 2021 +0000

    upstream: openssh-8.5
    
    OpenBSD-Commit-ID: 185e85d60fe042b8f8fa1ef29d4ef637bdf397d6

commit de3866383b6720ad4cad83be76fe4c8aa111a249
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 1 21:13:24 2021 +1100

    Only upload config logs if configure fails.

commit 85ff2a564ce838f8690050081176c1de1fb33116
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Feb 28 22:56:30 2021 +0000

    upstream: Add %k to list of keywords. From
    
    =?UTF-8?q?=20Eero=20H=C3=A4kkinenvia=20bz#3267?=
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 8bit
    
    OpenBSD-Commit-ID: 9c87f39a048cee2a7d1c8bab951b2f716256865e

commit e774bac35933e71f924f4301786e7fb5bbe1422f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Feb 28 01:50:47 2021 +0000

    upstream: Do not try to reset signal handler for signal 0 in
    
    subprocess. Prevents spurious debug message.  ok djm@
    
    OpenBSD-Commit-ID: 7f9785e292dcf304457566ad4637effd27ad1d46

commit 351c5dbbd74ce300c4f058112f9731c867c6e225
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Feb 27 23:42:37 2021 +0000

    upstream: fix alphabetic ordering of options; spotted by Iain Morgan
    
    OpenBSD-Commit-ID: f955fec617d74af0feb5b275831a9fee813d7ad5

commit 0d1c9dbe578597f8d45d3ac7690df10d32d743e5
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 27 12:25:25 2021 +1100

    zlib is now optional.

commit b7c6ee7b437d9adfd19ef49d6c0f19f13f26f9b3
Author: Jeffrey H. Johnson <61629094+johnsonjh@users.noreply.github.com>
Date:   Sat Feb 27 01:04:58 2021 +0000

    Fix punctuatio and typo in README.md.
    
    Some very minor fixes, missing 's' and punctuation.

commit 6248b86074804983e8f7a2058856a516dbfe2924
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Feb 26 16:45:50 2021 +1100

    Revert "ssh: optional bind interface if bind address specified."
    
    This reverts commit 5a878a71a3528c2626aa1d331934fd964782d41c.
    
    Apologies - I accidentally pushed this.

commit 493339a940b13be6071629c3c2dd5a3b6fc17023
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Feb 26 15:45:38 2021 +1100

    detech BSD libc hash functions in libbsd / libmd
    
    Some Linux distributions are shipping the BSD-style hashing functions
    (e.g. SHA256Update) in libbsd and/or libmd. Detect this situation to
    avoid header/replacement clashes later. ok dtucker@

commit 5a878a71a3528c2626aa1d331934fd964782d41c
Author: Dmitrii Turlupov <dturlupov@factor-ts.ru>
Date:   Thu Feb 4 16:27:31 2021 +0300

    ssh: optional bind interface if bind address specified.
    
    Allows the -b and -B options to be used together.
    For example, when the interface is in the VRF.

commit 1fe4d70df94d3bcc2b35fd57cad6b5fc4b2d7b16
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 26 04:18:42 2021 +0000

    upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
    
    nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
    but me.
    
    OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9

commit 24a3a67bd7421740d08803b84bd784e764107928
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 26 11:49:19 2021 +1100

    Remove macos-11.00 PAM test target too.
    
    These are failing apparently due to some kind of infrastructure problem,
    making it look like every commit is busted.

commit 473201783f732ca8b0ec528b56aa55fa0d8cf717
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 26 00:16:58 2021 +0000

    upstream: a bit more debugging behind #ifdef DEBUG_SK
    
    OpenBSD-Commit-ID: d9fbce14945721061cb322f0084c2165d33d1993

commit fd9fa76a344118fe1ef10b9a6c9e85d39599e9a8
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 26 01:15:10 2021 +1100

    Remove macos-11.0 from the test target list.
    
    It has been consistently failing for the past few days with a github
    actions internal error.

commit 476ac8e9d33dbf96ef97aab812b8d7089d0cdc24
Author: Philip Hands <phil@hands.com>
Date:   Wed Feb 24 23:43:16 2021 +0100

    tidy the $INSTALLKEY_SH code layout a little
    
    SSH-Copy-ID-Upstream: 78178aa5017222773e4c23d9001391eeaeca8983

commit 983e05ef3b81329d76d6a802b39ad0d1f637c06c
Author: Jakub Jelen <jjelen@redhat.com>
Date:   Tue Sep 29 10:02:45 2020 +0000

    if unable to add a missing newline, fail
    
    SSH-Copy-ID-Upstream: 76b25e18f55499ea9edb4c4d6dc4a80bebc36d95

commit 3594b3b015f6014591da88ba71bf6ff010be7411
Author: Philip Hands <phil@hands.com>
Date:   Tue Oct 13 14:12:58 2020 +0200

    use $AUTH_KEY_DIR, now that we have it
    
    since that was a change made since jjelen's commit was written
    
    also, quote the variables
    
    SSH-Copy-ID-Upstream: 588cd8e5cbf95f3443d92b9ab27c5d73ceaf6616

commit 333e25f7bc43cee6e36f766e39dad6f9918b318c
Author: Jakub Jelen <jjelen@redhat.com>
Date:   Tue Sep 29 10:00:01 2020 +0000

    restorecon the correct directory
    
    if using different path for authorized_keys file
    
    SSH-Copy-ID-Upstream: 791a3df47b48412c726bff6f7b1d190721e65d51

commit 9beeab8a37a49a9e3ffb1972fff6621ee5bd7a71
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 25 03:27:34 2021 +0000

    upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/
    
    OpenBSD-Regress-ID: 3dbc005fa29f69dc23d97e433b6dffed6fe7cb69

commit 2dd9870c16ddbd83740adeead5030d6840288c8f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Feb 24 23:12:35 2021 +0000

    upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in
    
    test to match change to config-dump output.
    
    OpenBSD-Regress-ID: 74c9a4ad50306be873d032819d5e55c24eb74d5d

commit b9225c3a1c3f5827e31d5d64a71b8e0504a25619
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Feb 24 01:18:08 2021 +0000

    upstream: Put obsolete aliases for hostbasedalgorithms and
    
    pubkeyacceptedalgorithms after their current names so that the config-dump
    mode finds and uses the current names.  Spotted by Phil Pennock.
    
    OpenBSD-Commit-ID: 5dd10e93cccfaff3aaaa09060c917adff04a9b15

commit 8b8b60542d6652b2c91e0ef9e9cc81bcb65e6b42
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Feb 23 21:55:08 2021 +0000

    upstream: lots more s/key types/signature algorithms/ mostly in
    
    HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen
    
    OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb

commit 0aeb508aaabc4818970c90831e3d21843c3c6d09
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Feb 23 21:50:18 2021 +0000

    upstream: Correct reference to signature algorithms as keys; from
    
    Jakub Jelen
    
    OpenBSD-Commit-ID: 36f7ecee86fc811aa0f8e21e7a872eee044b4be5

commit f186a020f2ba5f9c462a23293750e29ba0a746b1
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 23 16:05:22 2021 +1100

    Add a couple more test VMs.

commit ffcdd3d90e74176b3bb22937ad1f65a6c1cd3f9d
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 22 08:09:27 2021 +1100

    Valgrind test: split and move up list.
    
    Since the valgrind test takes so long it approaches the limit allowed by
    github, move it to the head of the list so it's the first one started and
    split the longest tests out into a second instance that runs concurrently
    with the first.

commit c3b1636770785cc2830dedd0f22ef7d3d3491d6d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Feb 23 00:05:31 2021 +0000

    upstream: warn when the user specifies a ForwardAgent path that does
    
    not exist and exit if ExitOnForwardFailure is set; bz3264
    
    OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26

commit 5fcb0514949d61aadaf4a89cf16eb78fb47491ec
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 20 13:34:02 2021 +1100

    Disable rlimit sandbox, doesn't work with valgrind
    
    Only run regress tests, runing unit tests as well makes it run longer
    than allowed y github.

commit bb0b9bf45396c19486080d3eb0a159f94de7e6ba
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 20 13:06:25 2021 +1100

    Upload valgrind logs on failure.

commit ebb3b75e974cb241c6b9b9f5881b09c7bd32b651
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 19 22:18:50 2021 +1100

    Rename "vm" to "os" in selfhosted to match c-cpp.
    
    Should make it easier to share code or maybe merge at some point.

commit 76c0be0fe0465cb2b975dbd409f8d38b55e55bcb
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 19 22:15:22 2021 +1100

    Upload regress failure logs in c-cpp too.

commit 8751b6c3136f5225c40f41bbf29aa29e15795f6e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 19 22:13:36 2021 +1100

    Comment out Solaris 64bit PAM build...
    
    until I can figure out why it's failing.

commit e9f6d563c06886b277c6b9abafa99fa80726dc48
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 19 10:20:17 2021 +1100

    Actually run Valgrind tests.

commit 41d232e226624f1a81c17091c36b44c9010aae62
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 19 10:16:56 2021 +1100

    Add test against Valgrind.

commit e6528d91f12fba05f0ea64224091c9d0f38bdf1d
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 16:30:01 2021 +1100

    Add fbsd12 test target.

commit 6506cb2798d98ff03a7cc06567c392a81f540680
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 15:21:13 2021 +1100

    Remove unused arg.

commit 93c31a623973b0fad508214593aab6ca94b11dcb
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 14:54:07 2021 +1100

    Add DEBUG_SK to kitchensink builds.

commit 65085740d3574eeb3289d592f042df62c2689bb0
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 14:53:14 2021 +1100

    Add bbone test target (arm32).

commit 63238f5aed66148b8d6ca7bd5fb347d624200155
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 18 02:49:35 2021 +0000

    upstream: Fix the hostkeys rotation extension documentation
    
    The documentation was lacking the needed want-reply field in the initial
    global request.
    
    https://github.com/openssh/openssh-portable/pull/218 by dbussink
    
    OpenBSD-Commit-ID: 051824fd78edf6d647a0b9ac011bf88e28775054

commit 34c5ef6e2d06d9f0e20cb04a9aebf67a6f96609a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 18 02:15:07 2021 +0000

    upstream: make names in function prototypes match those in
    
    definition from https://github.com/openssh/openssh-portable/pull/225 by
    ZenithalHourlyRate
    
    OpenBSD-Commit-ID: 7c736307bf3f2c7cb24d6f82f244eee959485acd

commit 88e3d4de31ab4f14cac658e9e0c512043b15b146
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 18 02:13:58 2021 +0000

    upstream: unbreak SK_DEBUG builds
    
    from https://github.com/openssh/openssh-portable/pull/225 by
    ZenithalHourlyRate
    
    OpenBSD-Commit-ID: 28d7259ce1b04d025411464decfa2f1a097b43eb

commit 788cbc5b74a53956ba9fff11e1ca506271a3597f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 18 00:30:17 2021 +0000

    upstream: sftp-server: implement limits@openssh.com extension
    
    This is a simple extension that allows the server to clearly
    communicate transfer limits it is imposing so the client doesn't
    have to guess, or force the user to manually tune.  This is
    particularly useful when an attempt to use too large of a value
    causes the server to abort the connection.
    
    Patch from Mike Frysinger; ok dtucker@
    
    OpenBSD-Commit-ID: f96293221e5aa24102d9bf30e4f4ef04d5f4fb51

commit 324449a68d510720d0e4dfcc8e9e5a702fe6a48f
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Feb 18 12:06:25 2021 +1100

    support OpenSSL 3.x cipher IV API change
    
    OpenSSL renamed the "get current CIPHER_CTX" IV operation in 3.x.
    This uses the new name if available.
    
    https://github.com/openssl/openssl/issues/13411
    
    bz#3238 ok dtucker@

commit 845fe9811c047063d935eca89188ed55c993626b
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Feb 18 11:25:38 2021 +1100

    prefer login_getpwclass() to login_getclass()
    
    FreeBSD has login_getpwclass() that does some special magic for
    UID=0. Prefer this to login_getclass() as its easier to emulate
    the former with the latter.
    
    Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@

commit d0763c8d566119cce84d9806e419badf20444b02
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 10:45:27 2021 +1100

    Fixing quoting for installing moduli on target guest.

commit b3afc243bc820f323a09e3218e9ec8a30a3c1933
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 10:27:16 2021 +1100

    Install moduli on target not host.

commit f060c2bc85d59d111fa18a12eb3872ee4b9f7e97
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Feb 18 10:33:58 2021 +1100

    don't free string returned by login_getcapstr(3)
    
    OpenBSD and NetBSD require the caller to free strings returned
    bu the login_* functions, but FreeBSD requires that callers don't.
    
    Fortunately in this case, we can harmlessly leak as the process is
    about to exec the shell/command.
    
    From https://reviews.freebsd.org/D28617 via Ed Maste; ok dtucker@

commit bc9b0c25703215501da28aa7a6539f96c0fa656f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 10:10:00 2021 +1100

    Skip unit tests on sol11 to speed things up.

commit 161873035c12cc22211fc73d07170ade47746bc5
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 10:09:27 2021 +1100

    Remove SKIP_UNIT as it needs to be a make arg.

commit 1c293868e4b4e8e74e3ea15b8dff90f6b089967a
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 10:05:03 2021 +1100

    Always intall moduli.
    
    Allows us to run tests without falling back to a fixed modulus.  Ensure that
    the directory exists.

commit 5c8f41ad100601ec2fdcbccdfe92890c31f81bbe
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 09:59:09 2021 +1100

    Quote SSHD_CONFOPTS in case it contains spaces.

commit 4653116c1f5384ea7006e6396d9b53c33d218975
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 18 09:51:18 2021 +1100

    Fix labels on targets (dots vs underscores).

commit 4512047f57ca3c6e8cd68f0cc69be59e98b25287
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 17 21:47:48 2021 +1100

    More compact representation of config matrix.

commit 0406cd09f05c2e419b113dd4c0eac8bc34ec915b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 17 21:19:18 2021 +1100

    Skip unit tests on hosted VMs to speed things up.

commit 4582612e6147d766c336198c498740242fb8f1ec
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 17 20:21:29 2021 +1100

    Merge macos and ubuntu tests.

commit 09f4b84654b71099559492e9aed5e1a38bf24815
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 17 18:41:30 2021 +1100

    Convert most github hosted tests to new config structure.

commit 65380ff7e054be1454e5ab4fd7bb9c66f8fcbaa9
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 17 18:27:36 2021 +1100

    Only run selfhosted tests from selfhosted repo.

commit f031366535650b88248ed7dbf23033afdf466240
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Jan 15 14:11:43 2021 +1100

    Add self-hosted runners for VMs of other platforms.
    
    Github only hosts a limited number of platforms, and the runner code
    is only supported on slightly wider range of platforms.  To increase
    our test coverage beyond that, we run the runner natively on a VM host,
    where it runs a jobs that boot VMs of other platforms, waits for them
    to come up then runs the build and test by ssh'ing into the guest.
    This means that the minimum dependencies for the guests are quite low
    (basically just sshd, a compiler and make).
    
    The interface to the VM host is fairly simple (basically 3 scripts:
    vmstartup, vmrun and vmshutdown), but those are specific to the VM host
    so are not in the public repo.  We also mount the working directory on the
    host via sshfs, so things like artifact upload by the runner also work.
    
    As part of this we are moving the per-test-target configs into a single
    place (.github/configs) where there will be referenced by a single short
    "config" key.  I plan to make the github-hosted runners use this too.
    
    The self-hosted runners are run off a private repo on github since that
    prevents third parties from accessing them[0], and since runner quota is
    limited on private repos, we avoid running the tests we run on the public
    repo.
    
    [0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories

commit 64bbd7444d658ef7ee14a7ea5ccc7f5810279ee7
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Feb 17 03:59:00 2021 +0000

    upstream: Make sure puttygen is new enough to successfully run the
    
    PuTTY interop tests, otherwise skip them.
    
    OpenBSD-Regress-ID: 34565bb50b8aec58331ed02a5e9e0a9a929bef51

commit da0a9afcc446a30ca49dd216612c41ac3cb1f2d4
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Mon Feb 15 20:43:15 2021 +0000

    upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding
    
    with SOCKS ok djm@, dtucker@
    
    OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c

commit b696858a7f9db72a83d02cb6edaca4b30a91b386
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Mon Feb 15 20:36:35 2021 +0000

    upstream: factor out opt_array_append; ok djm@
    
    OpenBSD-Commit-ID: 571bc5dd35f99c5cf9de6aaeac428b168218e74a

commit ad74fc127cc45567e170e8c6dfa2cfd9767324ec
Author: dlg@openbsd.org <dlg@openbsd.org>
Date:   Mon Feb 15 11:09:22 2021 +0000

    upstream: ProxyJump takes "none" to disable processing like
    
    ProxyCommand does
    
    ok djm@ jmc@
    
    OpenBSD-Commit-ID: 941a2399da2193356bdc30b879d6e1692f18b6d3

commit 16eacdb016ccf38dd9959c78edd3a6282513aa53
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 12 03:49:09 2021 +0000

    upstream: sftp: add missing lsetstat@openssh.com documentation
    
    patch from Mike Frysinger
    
    OpenBSD-Commit-ID: 9c114db88d505864075bfe7888b7c8745549715b

commit e04fd6dde16de1cdc5a4d9946397ff60d96568db
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 12 03:14:18 2021 +0000

    upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own
    
    function and remove an unused variable; ok dtucker@
    
    OpenBSD-Commit-ID: e1a938657fbf7ef0ba5e73b30365734a0cc96559

commit 1bb130ed34721d46452529d094d9bbf045607d79
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 11 10:18:05 2021 +1100

    Add __NR_futex_time64 to seccomp sandbox.
    
    This is apparently needed for (some) 32 bit platforms with glibc 2.33.
    Patch from nix at esperi.org.uk and jjelen at redhat.com via bz#3260.

commit f88a7a431212a16e572ecabd559e632f369c363e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 6 09:37:01 2021 +1100

    Add a hostname function for systems that don't have it.
    
    Some systems don't have a hostname command (it's not required by POSIX).
    The do have uname -n (which is), but as found by tim@ some others (eg
    UnixWare) do not report the FQDN from uname -n.

commit 5e385a71ef2317856f37c91a98658eb12eb5a89c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 5 22:03:40 2021 +0000

    upstream: Roll back the hostname->uname change in rev 1.10. It turns
    
    out uname -n doesn't do what we need for some platforms in portable, so we'll
    fix the original problem (that some other platforms don't have hostname at
    all) by providing wrapper function to implement it.
    
    OpenBSD-Regress-ID: 827a707d6201d5a8e196a8c28aec1d2c76c52341

commit b446c214279de50ed8388e54897eb1be5281c894
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 5 06:01:58 2021 +0000

    upstream: hostname is not specified by POSIX but uname -n is, so use
    
    the latter for portability.  Patch from Geert Hendrickx via github PR#208.
    
    OpenBSD-Regress-ID: d6a79c7c4d141a0d05ade4a042eb57dddbce89f3

commit 1cb6ce98d658e5fbdae025a3bd65793980e3b5d9
Author: David Carlier <devnexen@gmail.com>
Date:   Sat Nov 21 12:22:23 2020 +0000

    Using explicit_memset for the explicit_bzero compatibility layer.
    
    Favoriting the native implementation in this case.

commit 2e0beff67def2120f4b051b1016d7fbf84823e78
Author: Luca Weiss <luca@z3ntu.xyz>
Date:   Sun Nov 8 14:19:23 2020 +0100

    Deny (non-fatal) statx in preauth privsep child.

commit a35d3e911e193a652bd09eed40907e3e165b0a7b
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 5 02:20:23 2021 +0000

    upstream: Remove debug message from sigchld handler. While this
    
    works on OpenBSD it can cause problems on other platforms.  From kircherlike
    at outlook.com via bz#3259, ok djm@
    
    OpenBSD-Commit-ID: 3e241d7ac1ee77e3de3651780b5dc47b283a7668

commit 69338ab46afe9e3dfb7762ad65351d854077c998
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Feb 2 22:36:59 2021 +0000

    upstream: whitespace
    
    OpenBSD-Commit-ID: 544bb092e03fcbecb420196cd0f70af13ea868ad

commit f71219a01d8f71c4b3ed7e456337a84ddba1653e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Feb 2 22:36:46 2021 +0000

    upstream: fix memleaks in private key deserialisation; enforce more
    
    consistency between redundant fields in private key certificate and private
    key body; ok markus@
    
    OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240

commit 3287790e78bf5b53c4a3cafb67bb5aa03e3910f0
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Feb 2 22:35:14 2021 +0000

    upstream: memleak on error path; ok markus@
    
    OpenBSD-Commit-ID: 2091a36d6ca3980c81891a6c4bdc544e63cb13a8

commit 3dd0c64e08f1bba21d71996d635c7256c8c139d1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Jan 31 22:55:29 2021 +0000

    upstream: more strictly enforce KEX state-machine by banning packet
    
    types once they are received. Fixes memleak caused by duplicate
    SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via
    oss-fuzz #30078).
    
    ok markus@
    
    OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def

commit 7a92a324a2e351fabd0ba8ef9b434d3b12d54ee3
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Jan 31 10:50:10 2021 +0000

    upstream: Set linesize returned by getline to zero when freeing and
    
    NULLing the returned string.  OpenBSD's getline handles this just fine, but
    some implementations used by -portable do not.  ok djm@
    
    OpenBSD-Commit-ID: 4d7bd5169d3397654247db9655cc69a9908d165c

commit a5dfc5bae8c16e2a7caf564758d812c7672480b5
Author: Damien Miller <djm@mindrot.org>
Date:   Sat Jan 30 16:32:29 2021 +1100

    allow a fuzz case to contain more than one request
    
    loop until input buffer empty, no message consumed or 256 messages
    processed

commit 0ef24ad60204022f7e33b6e9d171172c50514132
Author: Damien Miller <djm@mindrot.org>
Date:   Sat Jan 30 16:28:23 2021 +1100

    expect fuzz cases to have length prefix
    
    might make life a little easier for the fuzzer, e.g. it can now
    produce valid (multi-request) messages by smashing two cases together.

commit de613f2713d2dfcd3b03c00e5558a40997f52712
Author: Damien Miller <djm@mindrot.org>
Date:   Sat Jan 30 12:03:30 2021 +1100

    ssh-agent fuzzer

commit 7e96c877bcb2fb645355a687b8cb7347987c1c58
Author: Damien Miller <djm@mindrot.org>
Date:   Sat Jan 30 12:02:46 2021 +1100

    move keys out of kex_fuzz.cc into separate header
    
    add certificates and missing key types

commit 76f46d75664fdaa1112739ca523ff85ee4eb52b4
Author: Damien Miller <djm@mindrot.org>
Date:   Sat Jan 30 12:02:10 2021 +1100

    some fixed test data (mostly keys) for fuzzing

commit 7c2e3d6de1f2edb0c8b4725b4c2b56360e032b19
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Jan 30 00:56:38 2021 +0000

    upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy
    
    security key middleware to be directly linked; useful for writing fuzzers,
    etc.
    
    OpenBSD-Regress-ID: 0ebd00159b58ebd85e61d8270fc02f1e45df1544

commit 1a4b92758690faa12f49079dd3b72567f909466d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jan 29 06:29:46 2021 +0000

    upstream: fix the values of enum sock_type
    
    OpenBSD-Commit-ID: 18d048f4dbfbb159ff500cfc2700b8fb1407facd

commit 8afaa7d7918419d3da6c0477b83db2159879cb33
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jan 29 06:28:10 2021 +0000

    upstream: give typedef'd struct a struct name; makes the fuzzer I'm
    
    writing a bit easier
    
    OpenBSD-Commit-ID: 1052ab521505a4d8384d67acb3974ef81b8896cb

commit 1e660115f0c7c4a750cd31e468ff889f33dd8088
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jan 29 11:09:14 2021 +1100

    fuzz diffie-hellman-group-exchange-sha1 kex too

commit be5f0048ea2aaeddd27be7dcca23aaad345fa16c
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jan 29 11:03:35 2021 +1100

    support for running kex fuzzer with null cipher

commit 3d59e88c0e42182c3749b446ccd9027933c84be4
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Jan 28 20:55:16 2021 +1100

    make with -j2 to use available CPUs.

commit 66dd9ddb5d2ea8c407908c8e8468c9d6e71db05b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Jan 28 14:31:01 2021 +1100

    Add test against openssl head and libressl head.

commit 237dbb34e24b6b7ea888d54bda4d17da0a0fd0fa
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Jan 28 14:30:50 2021 +1100

    Remove whitespace.

commit d983e1732b8135d7ee8d92290d6dce35f736ab88
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jan 27 23:49:46 2021 +0000

    upstream: fix leak: was double allocating kex->session_id buffer
    
    OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183

commit 1134a48cdcef8e7363b9f6c73ebdd24405066738
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jan 28 08:57:31 2021 +1100

    correct kex name in disabled code

commit 67f47f1965abafc1830a287761125c2f4790857e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jan 27 10:15:08 2021 +0000

    upstream: this needs kex.h now
    
    OpenBSD-Commit-ID: c5a42166c5aa002197217421a971e48be7cb5d41

commit 39be3dc209f28f9c1ebfeba42adde8963b01e1cd
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jan 27 10:05:28 2021 +0000

    upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
    
    and use that instead of global variables containing copies of it. feedback/ok
    markus@
    
    OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68

commit 4ca6a1fac328477c642329676d6469dba59019a3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jan 27 09:26:53 2021 +0000

    upstream: remove global variable used to stash compat flags and use the
    
    purpose-built ssh->compat variable instead; feedback/ok markus@
    
    OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06

commit bba229b6f3328171f5e3ae85de443002523c0452
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Jan 27 12:34:07 2021 +1100

    Install moduli file before tests.
    
    Reduces warnings during test runs.

commit 1b83185593a90a73860a503d753a95ca6d726c00
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Jan 27 11:58:26 2021 +1100

    Run one test with -Werror to catch warnings.

commit d1532d90074b212054d5fd965f833231b09982f5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Jan 27 00:37:26 2021 +0000

    upstream: Logical not bitwise or. ok djm@
    
    OpenBSD-Commit-ID: d4dc855cf04951b93c45caa383e1ac9af0a3b0e5

commit 507b448a2465a53ab03a88acbc71cc51b48ca6ac
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Tue Jan 26 15:40:17 2021 +0000

    upstream: move HostbasedAcceptedAlgorithms to the right place in
    
    alphabetical order
    
    OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec

commit e26c980778b228bdd42b8353cc70101cf49b731b
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Jan 26 11:25:01 2021 +0000

    upstream: Remove unused variables leftover from refactoring. ok
    
    djm@
    
    OpenBSD-Commit-ID: 8b3ad58bff828fcf874e54b2fc27a4cf1d9505e8

commit e9f78d6b06fc323bba1890b2dc3b8423138fb35c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Jan 26 05:32:21 2021 +0000

    upstream: Rename HostbasedKeyTypes (ssh) and
    
    HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
    accurately reflects its effect. This matches a previous change to
    PubkeyAcceptedAlgorithms.  The previous names are retained as aliases.  ok
    djm@
    
    OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e

commit 48d0d7a4dd31154c4208ec39029d60646192f978
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Jan 26 14:48:07 2021 +1100

    Disable sntrup761 if compiler doesn't support VLAs.
    
    The sntrup761 code sourced from supercop uses variable length
    arrays.  Although widely supported, they are not part of the ANSI
    C89 spec so if the compiler does not support VLAs, disable the
    sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
    functions with no-op ones similar to what we do in kexecdh.c.
    
    This should allow OpenSSH to build with a plain C89 compiler again.
    Spotted by tim@, ok djm@.

commit 37c70ea8d4f3664a88141bcdf0bf7a16bd5fd1ac
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jan 26 00:54:49 2021 +0000

    upstream: refactor key constraint parsing in ssh-agent
    
    Key constraints parsing code previously existed in both the "add regular
    key" and "add smartcard key" path. This unifies them but also introduces
    more consistency checking: duplicated constraints and constraints that
    are nonsensical for a particular situation (e.g. FIDO provider for a
    smartcard key) are now banned.
    
    ok markus@
    
    OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c

commit e0e8bee8024fa9e31974244d14f03d799e5c0775
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jan 26 00:53:31 2021 +0000

    upstream: more ssh-agent refactoring
    
    Allow confirm_key() to accept an additional reason suffix
    
    Factor publickey userauth parsing out into its own function and allow
    it to optionally return things it parsed out of the message to its
    caller.
    
    feedback/ok markus@
    
    OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e

commit dfe18a295542c169ffde8533b3d7fe42088e2de7
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jan 26 00:51:30 2021 +0000

    upstream: make struct hostkeys public; I have no idea why I made it
    
    opaque originally.
    
    ok markus@
    
    OpenBSD-Commit-ID: e50780b34d4bbe628d69b2405b024dd749d982f3

commit 3b44f2513cae89c920e8fe927b9bc910a1c8c65a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jan 26 00:49:30 2021 +0000

    upstream: move check_host_cert() from sshconnect,c to sshkey.c and
    
    refactor it to make it more generally usable and testable.
    
    ok markus@
    
    OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4

commit 1fe16fd61bb53944ec510882acc0491abd66ff76
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jan 26 00:47:47 2021 +0000

    upstream: use recallocarray to allocate the agent sockets table;
    
    also clear socket entries that are being marked as unused.
    
    spinkle in some debug2() spam to make it easier to watch an agent
    do its thing.
    
    ok markus
    
    OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922

commit cb7b22ea20a01332c81c0ddcb3555ad50de9cce2
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jan 26 00:46:17 2021 +0000

    upstream: factor out common code in the agent client
    
    Add a ssh_request_reply_decode() function that sends a message to
    the agent, reads and parses a success/failure reply.
    Use it for all requests that only expect success/failure
    
    ok markus@
    
    OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb

commit d1e578afe7cd48140ad6e92a453f9b035363fd7f
Author: djm@openbsd.org <djm@openbsd.org>
